I'm voting for CA Technologies (aka CA). Ballot below.
=====================================================
VOTING BALLOT
=====================================================
*****************************************************
FIRST CHOICE:
OPTION A: Year + 6 digits, with leading 0's
Examples: CVE-2014-000001, CVE-2014-000999, CVE-2014-001234,
CVE-2014-009999, CVE-2014-010000, CVE-2014-054321, CVE-2014-099999,
CVE-2014-100000, CVE-2014-123456, CVE-2014-999999
REASONS (first choice):
Simple, logical, straightforward, and easy for everybody to
understand and transition to. This option is most similar to the
existing/old format too. If we require more than a million
identifiers in one year, we can easily expand this format by adding
more leading zero(s). Another of the advantages of this option is
that it provides a known fixed length for identifiers.
*****************************************************
SECOND CHOICE:
OPTION B: Year + arbitrary digits, no leading 0's except IDs 1 to 999
Examples: CVE-2014-0001, CVE-2014-0999, CVE-2014-1234,
CVE-2014-9999, CVE-2014-10000, CVE-2014-54321, CVE-2014-99999,
CVE-2014-100000, CVE-2014-123456, CVE-2014-999999, CVE-2014-1234567
REASONS (second choice):
This is the next most simple and straightforward option. This option
is not preferred though because of the potential for truncation
errors.
*****************************************************
LAST CHOICE:
OPTION C: Year + arbitrary digits + check digit
Examples: CVE-2014-1-8, CVE-2014-999-3, CVE-2014-1234-3,
CVE-2014-9999-3, CVE-2014-10000-8, CVE-2014-54321-5,
CVE-2014-123456-5, CVE-2014-999999-5, CVE-2014-1234567-4
REASONS (last choice):
This option is not recommended because it is overly complex by
introducing an unnecessary algorithm. The check digit effectively
addresses a problem that never existed, and instead would likely
create problems ... such as CVE implementers/users mistaking it for
a popular versioning scheme (as Brian Martin noted).
*****************************************************
Thanks and regards,
Ken Williams, Director
CA Technologies Product Vulnerability Response Team
CA Technologies Business Unit Operations
wilja22@ca.com